freebsd-update.sh revision 171784
1#!/bin/sh 2 3#- 4# Copyright 2004-2006 Colin Percival 5# All rights reserved 6# 7# Redistribution and use in source and binary forms, with or without 8# modification, are permitted providing that the following conditions 9# are met: 10# 1. Redistributions of source code must retain the above copyright 11# notice, this list of conditions and the following disclaimer. 12# 2. Redistributions in binary form must reproduce the above copyright 13# notice, this list of conditions and the following disclaimer in the 14# documentation and/or other materials provided with the distribution. 15# 16# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 17# IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 18# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 19# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY 20# DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 21# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 22# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 23# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 24# STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING 25# IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 26# POSSIBILITY OF SUCH DAMAGE. 27 28# $FreeBSD: head/usr.sbin/freebsd-update/freebsd-update.sh 171784 2007-08-07 19:33:46Z cperciva $ 29 30#### Usage function -- called from command-line handling code. 31 32# Usage instructions. Options not listed: 33# --debug -- don't filter output from utilities 34# --no-stats -- don't show progress statistics while fetching files 35usage () { 36 cat <<EOF 37usage: `basename $0` [options] command ... [path] 38 39Options: 40 -b basedir -- Operate on a system mounted at basedir 41 (default: /) 42 -d workdir -- Store working files in workdir 43 (default: /var/db/freebsd-update/) 44 -f conffile -- Read configuration options from conffile 45 (default: /etc/freebsd-update.conf) 46 -k KEY -- Trust an RSA key with SHA256 hash of KEY 47 -s server -- Server from which to fetch updates 48 (default: update.FreeBSD.org) 49 -t address -- Mail output of cron command, if any, to address 50 (default: root) 51Commands: 52 fetch -- Fetch updates from server 53 cron -- Sleep rand(3600) seconds, fetch updates, and send an 54 email if updates were found 55 install -- Install downloaded updates 56 rollback -- Uninstall most recently installed updates 57EOF 58 exit 0 59} 60 61#### Configuration processing functions 62 63#- 64# Configuration options are set in the following order of priority: 65# 1. Command line options 66# 2. Configuration file options 67# 3. Default options 68# In addition, certain options (e.g., IgnorePaths) can be specified multiple 69# times and (as long as these are all in the same place, e.g., inside the 70# configuration file) they will accumulate. Finally, because the path to the 71# configuration file can be specified at the command line, the entire command 72# line must be processed before we start reading the configuration file. 73# 74# Sound like a mess? It is. Here's how we handle this: 75# 1. Initialize CONFFILE and all the options to "". 76# 2. Process the command line. Throw an error if a non-accumulating option 77# is specified twice. 78# 3. If CONFFILE is "", set CONFFILE to /etc/freebsd-update.conf . 79# 4. For all the configuration options X, set X_saved to X. 80# 5. Initialize all the options to "". 81# 6. Read CONFFILE line by line, parsing options. 82# 7. For each configuration option X, set X to X_saved iff X_saved is not "". 83# 8. Repeat steps 4-7, except setting options to their default values at (6). 84 85CONFIGOPTIONS="KEYPRINT WORKDIR SERVERNAME MAILTO ALLOWADD ALLOWDELETE 86 KEEPMODIFIEDMETADATA COMPONENTS IGNOREPATHS UPDATEIFUNMODIFIED 87 BASEDIR VERBOSELEVEL" 88 89# Set all the configuration options to "". 90nullconfig () { 91 for X in ${CONFIGOPTIONS}; do 92 eval ${X}="" 93 done 94} 95 96# For each configuration option X, set X_saved to X. 97saveconfig () { 98 for X in ${CONFIGOPTIONS}; do 99 eval ${X}_saved=\$${X} 100 done 101} 102 103# For each configuration option X, set X to X_saved if X_saved is not "". 104mergeconfig () { 105 for X in ${CONFIGOPTIONS}; do 106 eval _=\$${X}_saved 107 if ! [ -z "${_}" ]; then 108 eval ${X}=\$${X}_saved 109 fi 110 done 111} 112 113# Set the trusted keyprint. 114config_KeyPrint () { 115 if [ -z ${KEYPRINT} ]; then 116 KEYPRINT=$1 117 else 118 return 1 119 fi 120} 121 122# Set the working directory. 123config_WorkDir () { 124 if [ -z ${WORKDIR} ]; then 125 WORKDIR=$1 126 else 127 return 1 128 fi 129} 130 131# Set the name of the server (pool) from which to fetch updates 132config_ServerName () { 133 if [ -z ${SERVERNAME} ]; then 134 SERVERNAME=$1 135 else 136 return 1 137 fi 138} 139 140# Set the address to which 'cron' output will be mailed. 141config_MailTo () { 142 if [ -z ${MAILTO} ]; then 143 MAILTO=$1 144 else 145 return 1 146 fi 147} 148 149# Set whether FreeBSD Update is allowed to add files (or directories, or 150# symlinks) which did not previously exist. 151config_AllowAdd () { 152 if [ -z ${ALLOWADD} ]; then 153 case $1 in 154 [Yy][Ee][Ss]) 155 ALLOWADD=yes 156 ;; 157 [Nn][Oo]) 158 ALLOWADD=no 159 ;; 160 *) 161 return 1 162 ;; 163 esac 164 else 165 return 1 166 fi 167} 168 169# Set whether FreeBSD Update is allowed to remove files/directories/symlinks. 170config_AllowDelete () { 171 if [ -z ${ALLOWDELETE} ]; then 172 case $1 in 173 [Yy][Ee][Ss]) 174 ALLOWDELETE=yes 175 ;; 176 [Nn][Oo]) 177 ALLOWDELETE=no 178 ;; 179 *) 180 return 1 181 ;; 182 esac 183 else 184 return 1 185 fi 186} 187 188# Set whether FreeBSD Update should keep existing inode ownership, 189# permissions, and flags, in the event that they have been modified locally 190# after the release. 191config_KeepModifiedMetadata () { 192 if [ -z ${KEEPMODIFIEDMETADATA} ]; then 193 case $1 in 194 [Yy][Ee][Ss]) 195 KEEPMODIFIEDMETADATA=yes 196 ;; 197 [Nn][Oo]) 198 KEEPMODIFIEDMETADATA=no 199 ;; 200 *) 201 return 1 202 ;; 203 esac 204 else 205 return 1 206 fi 207} 208 209# Add to the list of components which should be kept updated. 210config_Components () { 211 for C in $@; do 212 COMPONENTS="${COMPONENTS} ${C}" 213 done 214} 215 216# Add to the list of paths under which updates will be ignored. 217config_IgnorePaths () { 218 for C in $@; do 219 IGNOREPATHS="${IGNOREPATHS} ${C}" 220 done 221} 222 223# Add to the list of paths within which updates will be performed only if the 224# file on disk has not been modified locally. 225config_UpdateIfUnmodified () { 226 for C in $@; do 227 UPDATEIFUNMODIFIED="${UPDATEIFUNMODIFIED} ${C}" 228 done 229} 230 231# Work on a FreeBSD installation mounted under $1 232config_BaseDir () { 233 if [ -z ${BASEDIR} ]; then 234 BASEDIR=$1 235 else 236 return 1 237 fi 238} 239 240# Define what happens to output of utilities 241config_VerboseLevel () { 242 if [ -z ${VERBOSELEVEL} ]; then 243 case $1 in 244 [Dd][Ee][Bb][Uu][Gg]) 245 VERBOSELEVEL=debug 246 ;; 247 [Nn][Oo][Ss][Tt][Aa][Tt][Ss]) 248 VERBOSELEVEL=nostats 249 ;; 250 [Ss][Tt][Aa][Tt][Ss]) 251 VERBOSELEVEL=stats 252 ;; 253 *) 254 return 1 255 ;; 256 esac 257 else 258 return 1 259 fi 260} 261 262# Handle one line of configuration 263configline () { 264 if [ $# -eq 0 ]; then 265 return 266 fi 267 268 OPT=$1 269 shift 270 config_${OPT} $@ 271} 272 273#### Parameter handling functions. 274 275# Initialize parameters to null, just in case they're 276# set in the environment. 277init_params () { 278 # Configration settings 279 nullconfig 280 281 # No configuration file set yet 282 CONFFILE="" 283 284 # No commands specified yet 285 COMMANDS="" 286} 287 288# Parse the command line 289parse_cmdline () { 290 while [ $# -gt 0 ]; do 291 case "$1" in 292 # Location of configuration file 293 -f) 294 if [ $# -eq 1 ]; then usage; fi 295 if [ ! -z "${CONFFILE}" ]; then usage; fi 296 shift; CONFFILE="$1" 297 ;; 298 299 # Configuration file equivalents 300 -b) 301 if [ $# -eq 1 ]; then usage; fi; shift 302 config_BaseDir $1 || usage 303 ;; 304 -d) 305 if [ $# -eq 1 ]; then usage; fi; shift 306 config_WorkDir $1 || usage 307 ;; 308 -k) 309 if [ $# -eq 1 ]; then usage; fi; shift 310 config_KeyPrint $1 || usage 311 ;; 312 -s) 313 if [ $# -eq 1 ]; then usage; fi; shift 314 config_ServerName $1 || usage 315 ;; 316 -t) 317 if [ $# -eq 1 ]; then usage; fi; shift 318 config_MailTo $1 || usage 319 ;; 320 -v) 321 if [ $# -eq 1 ]; then usage; fi; shift 322 config_VerboseLevel $1 || usage 323 ;; 324 325 # Aliases for "-v debug" and "-v nostats" 326 --debug) 327 config_VerboseLevel debug || usage 328 ;; 329 --no-stats) 330 config_VerboseLevel nostats || usage 331 ;; 332 333 # Commands 334 cron | fetch | install | rollback) 335 COMMANDS="${COMMANDS} $1" 336 ;; 337 338 # Anything else is an error 339 *) 340 usage 341 ;; 342 esac 343 shift 344 done 345 346 # Make sure we have at least one command 347 if [ -z "${COMMANDS}" ]; then 348 usage 349 fi 350} 351 352# Parse the configuration file 353parse_conffile () { 354 # If a configuration file was specified on the command line, check 355 # that it exists and is readable. 356 if [ ! -z "${CONFFILE}" ] && [ ! -r "${CONFFILE}" ]; then 357 echo -n "File does not exist " 358 echo -n "or is not readable: " 359 echo ${CONFFILE} 360 exit 1 361 fi 362 363 # If a configuration file was not specified on the command line, 364 # use the default configuration file path. If that default does 365 # not exist, give up looking for any configuration. 366 if [ -z "${CONFFILE}" ]; then 367 CONFFILE="/etc/freebsd-update.conf" 368 if [ ! -r "${CONFFILE}" ]; then 369 return 370 fi 371 fi 372 373 # Save the configuration options specified on the command line, and 374 # clear all the options in preparation for reading the config file. 375 saveconfig 376 nullconfig 377 378 # Read the configuration file. Anything after the first '#' is 379 # ignored, and any blank lines are ignored. 380 L=0 381 while read LINE; do 382 L=$(($L + 1)) 383 LINEX=`echo "${LINE}" | cut -f 1 -d '#'` 384 if ! configline ${LINEX}; then 385 echo "Error processing configuration file, line $L:" 386 echo "==> ${LINE}" 387 exit 1 388 fi 389 done < ${CONFFILE} 390 391 # Merge the settings read from the configuration file with those 392 # provided at the command line. 393 mergeconfig 394} 395 396# Provide some default parameters 397default_params () { 398 # Save any parameters already configured, and clear the slate 399 saveconfig 400 nullconfig 401 402 # Default configurations 403 config_WorkDir /var/db/freebsd-update 404 config_MailTo root 405 config_AllowAdd yes 406 config_AllowDelete yes 407 config_KeepModifiedMetadata yes 408 config_BaseDir / 409 config_VerboseLevel stats 410 411 # Merge these defaults into the earlier-configured settings 412 mergeconfig 413} 414 415# Set utility output filtering options, based on ${VERBOSELEVEL} 416fetch_setup_verboselevel () { 417 case ${VERBOSELEVEL} in 418 debug) 419 QUIETREDIR="/dev/stderr" 420 QUIETFLAG=" " 421 STATSREDIR="/dev/stderr" 422 DDSTATS=".." 423 XARGST="-t" 424 NDEBUG=" " 425 ;; 426 nostats) 427 QUIETREDIR="" 428 QUIETFLAG="" 429 STATSREDIR="/dev/null" 430 DDSTATS=".." 431 XARGST="" 432 NDEBUG="" 433 ;; 434 stats) 435 QUIETREDIR="/dev/null" 436 QUIETFLAG="-q" 437 STATSREDIR="/dev/stdout" 438 DDSTATS="" 439 XARGST="" 440 NDEBUG="-n" 441 ;; 442 esac 443} 444 445# Perform sanity checks and set some final parameters 446# in preparation for fetching files. Figure out which 447# set of updates should be downloaded: If the user is 448# running *-p[0-9]+, strip off the last part; if the 449# user is running -SECURITY, call it -RELEASE. Chdir 450# into the working directory. 451fetch_check_params () { 452 export HTTP_USER_AGENT="freebsd-update (${COMMAND}, `uname -r`)" 453 454 _SERVERNAME_z=\ 455"SERVERNAME must be given via command line or configuration file." 456 _KEYPRINT_z="Key must be given via -k option or configuration file." 457 _KEYPRINT_bad="Invalid key fingerprint: " 458 _WORKDIR_bad="Directory does not exist or is not writable: " 459 460 if [ -z "${SERVERNAME}" ]; then 461 echo -n "`basename $0`: " 462 echo "${_SERVERNAME_z}" 463 exit 1 464 fi 465 if [ -z "${KEYPRINT}" ]; then 466 echo -n "`basename $0`: " 467 echo "${_KEYPRINT_z}" 468 exit 1 469 fi 470 if ! echo "${KEYPRINT}" | grep -qE "^[0-9a-f]{64}$"; then 471 echo -n "`basename $0`: " 472 echo -n "${_KEYPRINT_bad}" 473 echo ${KEYPRINT} 474 exit 1 475 fi 476 if ! [ -d "${WORKDIR}" -a -w "${WORKDIR}" ]; then 477 echo -n "`basename $0`: " 478 echo -n "${_WORKDIR_bad}" 479 echo ${WORKDIR} 480 exit 1 481 fi 482 cd ${WORKDIR} || exit 1 483 484 # Generate release number. The s/SECURITY/RELEASE/ bit exists 485 # to provide an upgrade path for FreeBSD Update 1.x users, since 486 # the kernels provided by FreeBSD Update 1.x are always labelled 487 # as X.Y-SECURITY. 488 RELNUM=`uname -r | 489 sed -E 's,-p[0-9]+,,' | 490 sed -E 's,-SECURITY,-RELEASE,'` 491 ARCH=`uname -m` 492 FETCHDIR=${RELNUM}/${ARCH} 493 494 # Figure out what directory contains the running kernel 495 BOOTFILE=`sysctl -n kern.bootfile` 496 KERNELDIR=${BOOTFILE%/kernel} 497 if ! [ -d ${KERNELDIR} ]; then 498 echo "Cannot identify running kernel" 499 exit 1 500 fi 501 502 # Figure out what kernel configuration is running. We start with 503 # the output of `uname -i`, and then make the following adjustments: 504 # 1. Replace "SMP-GENERIC" with "SMP". Why the SMP kernel config 505 # file says "ident SMP-GENERIC", I don't know... 506 # 2. If the kernel claims to be GENERIC _and_ ${ARCH} is "amd64" 507 # _and_ `sysctl kern.version` contains a line which ends "/SMP", then 508 # we're running an SMP kernel. This mis-identification is a bug 509 # which was fixed in 6.2-STABLE. 510 KERNCONF=`uname -i` 511 if [ ${KERNCONF} = "SMP-GENERIC" ]; then 512 KERNCONF=SMP 513 fi 514 if [ ${KERNCONF} = "GENERIC" ] && [ ${ARCH} = "amd64" ]; then 515 if sysctl kern.version | grep -qE '/SMP$'; then 516 KERNCONF=SMP 517 fi 518 fi 519 520 # Define some paths 521 BSPATCH=/usr/bin/bspatch 522 SHA256=/sbin/sha256 523 PHTTPGET=/usr/libexec/phttpget 524 525 # Set up variables relating to VERBOSELEVEL 526 fetch_setup_verboselevel 527 528 # Construct a unique name from ${BASEDIR} 529 BDHASH=`echo ${BASEDIR} | sha256 -q` 530} 531 532# Perform sanity checks and set some final parameters in 533# preparation for installing updates. 534install_check_params () { 535 # Check that we are root. All sorts of things won't work otherwise. 536 if [ `id -u` != 0 ]; then 537 echo "You must be root to run this." 538 exit 1 539 fi 540 541 # Check that we have a working directory 542 _WORKDIR_bad="Directory does not exist or is not writable: " 543 if ! [ -d "${WORKDIR}" -a -w "${WORKDIR}" ]; then 544 echo -n "`basename $0`: " 545 echo -n "${_WORKDIR_bad}" 546 echo ${WORKDIR} 547 exit 1 548 fi 549 cd ${WORKDIR} || exit 1 550 551 # Construct a unique name from ${BASEDIR} 552 BDHASH=`echo ${BASEDIR} | sha256 -q` 553 554 # Check that we have updates ready to install 555 if ! [ -L ${BDHASH}-install ]; then 556 echo "No updates are available to install." 557 echo "Run '$0 fetch' first." 558 exit 1 559 fi 560 if ! [ -f ${BDHASH}-install/INDEX-OLD ] || 561 ! [ -f ${BDHASH}-install/INDEX-NEW ]; then 562 echo "Update manifest is corrupt -- this should never happen." 563 echo "Re-run '$0 fetch'." 564 exit 1 565 fi 566} 567 568# Perform sanity checks and set some final parameters in 569# preparation for UNinstalling updates. 570rollback_check_params () { 571 # Check that we are root. All sorts of things won't work otherwise. 572 if [ `id -u` != 0 ]; then 573 echo "You must be root to run this." 574 exit 1 575 fi 576 577 # Check that we have a working directory 578 _WORKDIR_bad="Directory does not exist or is not writable: " 579 if ! [ -d "${WORKDIR}" -a -w "${WORKDIR}" ]; then 580 echo -n "`basename $0`: " 581 echo -n "${_WORKDIR_bad}" 582 echo ${WORKDIR} 583 exit 1 584 fi 585 cd ${WORKDIR} || exit 1 586 587 # Construct a unique name from ${BASEDIR} 588 BDHASH=`echo ${BASEDIR} | sha256 -q` 589 590 # Check that we have updates ready to rollback 591 if ! [ -L ${BDHASH}-rollback ]; then 592 echo "No rollback directory found." 593 exit 1 594 fi 595 if ! [ -f ${BDHASH}-rollback/INDEX-OLD ] || 596 ! [ -f ${BDHASH}-rollback/INDEX-NEW ]; then 597 echo "Update manifest is corrupt -- this should never happen." 598 exit 1 599 fi 600} 601 602#### Core functionality -- the actual work gets done here 603 604# Use an SRV query to pick a server. If the SRV query doesn't provide 605# a useful answer, use the server name specified by the user. 606# Put another way... look up _http._tcp.${SERVERNAME} and pick a server 607# from that; or if no servers are returned, use ${SERVERNAME}. 608# This allows a user to specify "portsnap.freebsd.org" (in which case 609# portsnap will select one of the mirrors) or "portsnap5.tld.freebsd.org" 610# (in which case portsnap will use that particular server, since there 611# won't be an SRV entry for that name). 612# 613# We ignore the Port field, since we are always going to use port 80. 614 615# Fetch the mirror list, but do not pick a mirror yet. Returns 1 if 616# no mirrors are available for any reason. 617fetch_pick_server_init () { 618 : > serverlist_tried 619 620# Check that host(1) exists (i.e., that the system wasn't built with the 621# WITHOUT_BIND set) and don't try to find a mirror if it doesn't exist. 622 if ! which -s host; then 623 : > serverlist_full 624 return 1 625 fi 626 627 echo -n "Looking up ${SERVERNAME} mirrors... " 628 629# Issue the SRV query and pull out the Priority, Weight, and Target fields. 630# BIND 9 prints "$name has SRV record ..." while BIND 8 prints 631# "$name server selection ..."; we allow either format. 632 MLIST="_http._tcp.${SERVERNAME}" 633 host -t srv "${MLIST}" | 634 sed -nE "s/${MLIST} (has SRV record|server selection) //p" | 635 cut -f 1,2,4 -d ' ' | 636 sed -e 's/\.$//' | 637 sort > serverlist_full 638 639# If no records, give up -- we'll just use the server name we were given. 640 if [ `wc -l < serverlist_full` -eq 0 ]; then 641 echo "none found." 642 return 1 643 fi 644 645# Report how many mirrors we found. 646 echo `wc -l < serverlist_full` "mirrors found." 647 648# Generate a random seed for use in picking mirrors. If HTTP_PROXY 649# is set, this will be used to generate the seed; otherwise, the seed 650# will be random. 651 if [ -n "${HTTP_PROXY}${http_proxy}" ]; then 652 RANDVALUE=`sha256 -qs "${HTTP_PROXY}${http_proxy}" | 653 tr -d 'a-f' | 654 cut -c 1-9` 655 else 656 RANDVALUE=`jot -r 1 0 999999999` 657 fi 658} 659 660# Pick a mirror. Returns 1 if we have run out of mirrors to try. 661fetch_pick_server () { 662# Generate a list of not-yet-tried mirrors 663 sort serverlist_tried | 664 comm -23 serverlist_full - > serverlist 665 666# Have we run out of mirrors? 667 if [ `wc -l < serverlist` -eq 0 ]; then 668 echo "No mirrors remaining, giving up." 669 return 1 670 fi 671 672# Find the highest priority level (lowest numeric value). 673 SRV_PRIORITY=`cut -f 1 -d ' ' serverlist | sort -n | head -1` 674 675# Add up the weights of the response lines at that priority level. 676 SRV_WSUM=0; 677 while read X; do 678 case "$X" in 679 ${SRV_PRIORITY}\ *) 680 SRV_W=`echo $X | cut -f 2 -d ' '` 681 SRV_WSUM=$(($SRV_WSUM + $SRV_W)) 682 ;; 683 esac 684 done < serverlist 685 686# If all the weights are 0, pretend that they are all 1 instead. 687 if [ ${SRV_WSUM} -eq 0 ]; then 688 SRV_WSUM=`grep -E "^${SRV_PRIORITY} " serverlist | wc -l` 689 SRV_W_ADD=1 690 else 691 SRV_W_ADD=0 692 fi 693 694# Pick a value between 0 and the sum of the weights - 1 695 SRV_RND=`expr ${RANDVALUE} % ${SRV_WSUM}` 696 697# Read through the list of mirrors and set SERVERNAME. Write the line 698# corresponding to the mirror we selected into serverlist_tried so that 699# we won't try it again. 700 while read X; do 701 case "$X" in 702 ${SRV_PRIORITY}\ *) 703 SRV_W=`echo $X | cut -f 2 -d ' '` 704 SRV_W=$(($SRV_W + $SRV_W_ADD)) 705 if [ $SRV_RND -lt $SRV_W ]; then 706 SERVERNAME=`echo $X | cut -f 3 -d ' '` 707 echo "$X" >> serverlist_tried 708 break 709 else 710 SRV_RND=$(($SRV_RND - $SRV_W)) 711 fi 712 ;; 713 esac 714 done < serverlist 715} 716 717# Take a list of ${oldhash}|${newhash} and output a list of needed patches, 718# i.e., those for which we have ${oldhash} and don't have ${newhash}. 719fetch_make_patchlist () { 720 grep -vE "^([0-9a-f]{64})\|\1$" | 721 tr '|' ' ' | 722 while read X Y; do 723 if [ -f "files/${Y}.gz" ] || 724 [ ! -f "files/${X}.gz" ]; then 725 continue 726 fi 727 echo "${X}|${Y}" 728 done | uniq 729} 730 731# Print user-friendly progress statistics 732fetch_progress () { 733 LNC=0 734 while read x; do 735 LNC=$(($LNC + 1)) 736 if [ $(($LNC % 10)) = 0 ]; then 737 echo -n $LNC 738 elif [ $(($LNC % 2)) = 0 ]; then 739 echo -n . 740 fi 741 done 742 echo -n " " 743} 744 745# Initialize the working directory 746workdir_init () { 747 mkdir -p files 748 touch tINDEX.present 749} 750 751# Check that we have a public key with an appropriate hash, or 752# fetch the key if it doesn't exist. Returns 1 if the key has 753# not yet been fetched. 754fetch_key () { 755 if [ -r pub.ssl ] && [ `${SHA256} -q pub.ssl` = ${KEYPRINT} ]; then 756 return 0 757 fi 758 759 echo -n "Fetching public key from ${SERVERNAME}... " 760 rm -f pub.ssl 761 fetch ${QUIETFLAG} http://${SERVERNAME}/${FETCHDIR}/pub.ssl \ 762 2>${QUIETREDIR} || true 763 if ! [ -r pub.ssl ]; then 764 echo "failed." 765 return 1 766 fi 767 if ! [ `${SHA256} -q pub.ssl` = ${KEYPRINT} ]; then 768 echo "key has incorrect hash." 769 rm -f pub.ssl 770 return 1 771 fi 772 echo "done." 773} 774 775# Fetch metadata signature, aka "tag". 776fetch_tag () { 777 echo ${NDEBUG} "Fetching metadata signature from ${SERVERNAME}... " 778 rm -f latest.ssl 779 fetch ${QUIETFLAG} http://${SERVERNAME}/${FETCHDIR}/latest.ssl \ 780 2>${QUIETREDIR} || true 781 if ! [ -r latest.ssl ]; then 782 echo "failed." 783 return 1 784 fi 785 786 openssl rsautl -pubin -inkey pub.ssl -verify \ 787 < latest.ssl > tag.new 2>${QUIETREDIR} || true 788 rm latest.ssl 789 790 if ! [ `wc -l < tag.new` = 1 ] || 791 ! grep -qE \ 792 "^freebsd-update\|${ARCH}\|${RELNUM}\|[0-9]+\|[0-9a-f]{64}\|[0-9]{10}" \ 793 tag.new; then 794 echo "invalid signature." 795 return 1 796 fi 797 798 echo "done." 799 800 RELPATCHNUM=`cut -f 4 -d '|' < tag.new` 801 TINDEXHASH=`cut -f 5 -d '|' < tag.new` 802 EOLTIME=`cut -f 6 -d '|' < tag.new` 803} 804 805# Sanity-check the patch number in a tag, to make sure that we're not 806# going to "update" backwards and to prevent replay attacks. 807fetch_tagsanity () { 808 # Check that we're not going to move from -pX to -pY with Y < X. 809 RELPX=`uname -r | sed -E 's,.*-,,'` 810 if echo ${RELPX} | grep -qE '^p[0-9]+$'; then 811 RELPX=`echo ${RELPX} | cut -c 2-` 812 else 813 RELPX=0 814 fi 815 if [ "${RELPATCHNUM}" -lt "${RELPX}" ]; then 816 echo 817 echo -n "Files on mirror (${RELNUM}-p${RELPATCHNUM})" 818 echo " appear older than what" 819 echo "we are currently running (`uname -r`)!" 820 echo "Cowardly refusing to proceed any further." 821 return 1 822 fi 823 824 # If "tag" exists and corresponds to ${RELNUM}, make sure that 825 # it contains a patch number <= RELPATCHNUM, in order to protect 826 # against rollback (replay) attacks. 827 if [ -f tag ] && 828 grep -qE \ 829 "^freebsd-update\|${ARCH}\|${RELNUM}\|[0-9]+\|[0-9a-f]{64}\|[0-9]{10}" \ 830 tag; then 831 LASTRELPATCHNUM=`cut -f 4 -d '|' < tag` 832 833 if [ "${RELPATCHNUM}" -lt "${LASTRELPATCHNUM}" ]; then 834 echo 835 echo -n "Files on mirror (${RELNUM}-p${RELPATCHNUM})" 836 echo " are older than the" 837 echo -n "most recently seen updates" 838 echo " (${RELNUM}-p${LASTRELPATCHNUM})." 839 echo "Cowardly refusing to proceed any further." 840 return 1 841 fi 842 fi 843} 844 845# Fetch metadata index file 846fetch_metadata_index () { 847 echo ${NDEBUG} "Fetching metadata index... " 848 rm -f ${TINDEXHASH} 849 fetch ${QUIETFLAG} http://${SERVERNAME}/${FETCHDIR}/t/${TINDEXHASH} 850 2>${QUIETREDIR} 851 if ! [ -f ${TINDEXHASH} ]; then 852 echo "failed." 853 return 1 854 fi 855 if [ `${SHA256} -q ${TINDEXHASH}` != ${TINDEXHASH} ]; then 856 echo "update metadata index corrupt." 857 return 1 858 fi 859 echo "done." 860} 861 862# Print an error message about signed metadata being bogus. 863fetch_metadata_bogus () { 864 echo 865 echo "The update metadata$1 is correctly signed, but" 866 echo "failed an integrity check." 867 echo "Cowardly refusing to proceed any further." 868 return 1 869} 870 871# Construct tINDEX.new by merging the lines named in $1 from ${TINDEXHASH} 872# with the lines not named in $@ from tINDEX.present (if that file exists). 873fetch_metadata_index_merge () { 874 for METAFILE in $@; do 875 if [ `grep -E "^${METAFILE}\|" ${TINDEXHASH} | wc -l` \ 876 -ne 1 ]; then 877 fetch_metadata_bogus " index" 878 return 1 879 fi 880 881 grep -E "${METAFILE}\|" ${TINDEXHASH} 882 done | 883 sort > tINDEX.wanted 884 885 if [ -f tINDEX.present ]; then 886 join -t '|' -v 2 tINDEX.wanted tINDEX.present | 887 sort -m - tINDEX.wanted > tINDEX.new 888 rm tINDEX.wanted 889 else 890 mv tINDEX.wanted tINDEX.new 891 fi 892} 893 894# Sanity check all the lines of tINDEX.new. Even if more metadata lines 895# are added by future versions of the server, this won't cause problems, 896# since the only lines which appear in tINDEX.new are the ones which we 897# specifically grepped out of ${TINDEXHASH}. 898fetch_metadata_index_sanity () { 899 if grep -qvE '^[0-9A-Z.-]+\|[0-9a-f]{64}$' tINDEX.new; then 900 fetch_metadata_bogus " index" 901 return 1 902 fi 903} 904 905# Sanity check the metadata file $1. 906fetch_metadata_sanity () { 907 # Some aliases to save space later: ${P} is a character which can 908 # appear in a path; ${M} is the four numeric metadata fields; and 909 # ${H} is a sha256 hash. 910 P="[-+./:=_[[:alnum:]]" 911 M="[0-9]+\|[0-9]+\|[0-9]+\|[0-9]+" 912 H="[0-9a-f]{64}" 913 914 # Check that the first four fields make sense. 915 if gunzip -c < files/$1.gz | 916 grep -qvE "^[a-z]+\|[0-9a-z]+\|${P}+\|[fdL-]\|"; then 917 fetch_metadata_bogus "" 918 return 1 919 fi 920 921 # Remove the first three fields. 922 gunzip -c < files/$1.gz | 923 cut -f 4- -d '|' > sanitycheck.tmp 924 925 # Sanity check entries with type 'f' 926 if grep -E '^f' sanitycheck.tmp | 927 grep -qvE "^f\|${M}\|${H}\|${P}*\$"; then 928 fetch_metadata_bogus "" 929 return 1 930 fi 931 932 # Sanity check entries with type 'd' 933 if grep -E '^d' sanitycheck.tmp | 934 grep -qvE "^d\|${M}\|\|\$"; then 935 fetch_metadata_bogus "" 936 return 1 937 fi 938 939 # Sanity check entries with type 'L' 940 if grep -E '^L' sanitycheck.tmp | 941 grep -qvE "^L\|${M}\|${P}*\|\$"; then 942 fetch_metadata_bogus "" 943 return 1 944 fi 945 946 # Sanity check entries with type '-' 947 if grep -E '^-' sanitycheck.tmp | 948 grep -qvE "^-\|\|\|\|\|\|"; then 949 fetch_metadata_bogus "" 950 return 1 951 fi 952 953 # Clean up 954 rm sanitycheck.tmp 955} 956 957# Fetch the metadata index and metadata files listed in $@, 958# taking advantage of metadata patches where possible. 959fetch_metadata () { 960 fetch_metadata_index || return 1 961 fetch_metadata_index_merge $@ || return 1 962 fetch_metadata_index_sanity || return 1 963 964 # Generate a list of wanted metadata patches 965 join -t '|' -o 1.2,2.2 tINDEX.present tINDEX.new | 966 fetch_make_patchlist > patchlist 967 968 if [ -s patchlist ]; then 969 # Attempt to fetch metadata patches 970 echo -n "Fetching `wc -l < patchlist | tr -d ' '` " 971 echo ${NDEBUG} "metadata patches.${DDSTATS}" 972 tr '|' '-' < patchlist | 973 lam -s "${FETCHDIR}/tp/" - -s ".gz" | 974 xargs ${XARGST} ${PHTTPGET} ${SERVERNAME} \ 975 2>${STATSREDIR} | fetch_progress 976 echo "done." 977 978 # Attempt to apply metadata patches 979 echo -n "Applying metadata patches... " 980 tr '|' ' ' < patchlist | 981 while read X Y; do 982 if [ ! -f "${X}-${Y}.gz" ]; then continue; fi 983 gunzip -c < ${X}-${Y}.gz > diff 984 gunzip -c < files/${X}.gz > diff-OLD 985 986 # Figure out which lines are being added and removed 987 grep -E '^-' diff | 988 cut -c 2- | 989 while read PREFIX; do 990 look "${PREFIX}" diff-OLD 991 done | 992 sort > diff-rm 993 grep -E '^\+' diff | 994 cut -c 2- > diff-add 995 996 # Generate the new file 997 comm -23 diff-OLD diff-rm | 998 sort - diff-add > diff-NEW 999 1000 if [ `${SHA256} -q diff-NEW` = ${Y} ]; then 1001 mv diff-NEW files/${Y} 1002 gzip -n files/${Y} 1003 else 1004 mv diff-NEW ${Y}.bad 1005 fi 1006 rm -f ${X}-${Y}.gz diff 1007 rm -f diff-OLD diff-NEW diff-add diff-rm 1008 done 2>${QUIETREDIR} 1009 echo "done." 1010 fi 1011 1012 # Update metadata without patches 1013 cut -f 2 -d '|' < tINDEX.new | 1014 while read Y; do 1015 if [ ! -f "files/${Y}.gz" ]; then 1016 echo ${Y}; 1017 fi 1018 done | 1019 sort -u > filelist 1020 1021 if [ -s filelist ]; then 1022 echo -n "Fetching `wc -l < filelist | tr -d ' '` " 1023 echo ${NDEBUG} "metadata files... " 1024 lam -s "${FETCHDIR}/m/" - -s ".gz" < filelist | 1025 xargs ${XARGST} ${PHTTPGET} ${SERVERNAME} \ 1026 2>${QUIETREDIR} 1027 1028 while read Y; do 1029 if ! [ -f ${Y}.gz ]; then 1030 echo "failed." 1031 return 1 1032 fi 1033 if [ `gunzip -c < ${Y}.gz | 1034 ${SHA256} -q` = ${Y} ]; then 1035 mv ${Y}.gz files/${Y}.gz 1036 else 1037 echo "metadata is corrupt." 1038 return 1 1039 fi 1040 done < filelist 1041 echo "done." 1042 fi 1043 1044# Sanity-check the metadata files. 1045 cut -f 2 -d '|' tINDEX.new > filelist 1046 while read X; do 1047 fetch_metadata_sanity ${X} || return 1 1048 done < filelist 1049 1050# Remove files which are no longer needed 1051 cut -f 2 -d '|' tINDEX.present | 1052 sort > oldfiles 1053 cut -f 2 -d '|' tINDEX.new | 1054 sort | 1055 comm -13 - oldfiles | 1056 lam -s "files/" - -s ".gz" | 1057 xargs rm -f 1058 rm patchlist filelist oldfiles 1059 rm ${TINDEXHASH} 1060 1061# We're done! 1062 mv tINDEX.new tINDEX.present 1063 mv tag.new tag 1064 1065 return 0 1066} 1067 1068# Generate a filtered version of the metadata file $1 from the downloaded 1069# file, by fishing out the lines corresponding to components we're trying 1070# to keep updated, and then removing lines corresponding to paths we want 1071# to ignore. 1072fetch_filter_metadata () { 1073 METAHASH=`look "$1|" tINDEX.present | cut -f 2 -d '|'` 1074 gunzip -c < files/${METAHASH}.gz > $1.all 1075 1076 # Fish out the lines belonging to components we care about. 1077 # Canonicalize directory names by removing any trailing / in 1078 # order to avoid listing directories multiple times if they 1079 # belong to multiple components. Turning "/" into "" doesn't 1080 # matter, since we add a leading "/" when we use paths later. 1081 for C in ${COMPONENTS}; do 1082 look "`echo ${C} | tr '/' '|'`|" $1.all 1083 done | 1084 cut -f 3- -d '|' | 1085 sed -e 's,/|d|,|d|,' | 1086 sort -u > $1.tmp 1087 1088 # Figure out which lines to ignore and remove them. 1089 for X in ${IGNOREPATHS}; do 1090 grep -E "^${X}" $1.tmp 1091 done | 1092 sort -u | 1093 comm -13 - $1.tmp > $1 1094 1095 # Remove temporary files. 1096 rm $1.all $1.tmp 1097} 1098 1099# Filter the metadata file $1 by adding lines with "/boot/${KERNCONF}" 1100# replaced by ${KERNELDIR} (which is `sysctl -n kern.bootfile` minus the 1101# trailing "/kernel"); and if "/boot/${KERNCONF}" does not exist, remove 1102# the original lines which start with that. 1103# Put another way: Deal with the fact that the FOO kernel is sometimes 1104# installed in /boot/FOO/ and is sometimes installed elsewhere. 1105fetch_filter_kernel_names () { 1106 1107 grep ^/boot/${KERNCONF} $1 | 1108 sed -e "s,/boot/${KERNCONF},${KERNELDIR},g" | 1109 sort - $1 > $1.tmp 1110 mv $1.tmp $1 1111 1112 if ! [ -d /boot/${KERNCONF} ]; then 1113 grep -v ^/boot/${KERNCONF} $1 > $1.tmp 1114 mv $1.tmp $1 1115 fi 1116} 1117 1118# For all paths appearing in $1 or $3, inspect the system 1119# and generate $2 describing what is currently installed. 1120fetch_inspect_system () { 1121 # No errors yet... 1122 rm -f .err 1123 1124 # Tell the user why his disk is suddenly making lots of noise 1125 echo -n "Inspecting system... " 1126 1127 # Generate list of files to inspect 1128 cat $1 $3 | 1129 cut -f 1 -d '|' | 1130 sort -u > filelist 1131 1132 # Examine each file and output lines of the form 1133 # /path/to/file|type|device-inum|user|group|perm|flags|value 1134 # sorted by device and inode number. 1135 while read F; do 1136 # If the symlink/file/directory does not exist, record this. 1137 if ! [ -e ${BASEDIR}/${F} ]; then 1138 echo "${F}|-||||||" 1139 continue 1140 fi 1141 if ! [ -r ${BASEDIR}/${F} ]; then 1142 echo "Cannot read file: ${BASEDIR}/${F}" \ 1143 >/dev/stderr 1144 touch .err 1145 return 1 1146 fi 1147 1148 # Otherwise, output an index line. 1149 if [ -L ${BASEDIR}/${F} ]; then 1150 echo -n "${F}|L|" 1151 stat -n -f '%d-%i|%u|%g|%Mp%Lp|%Of|' ${BASEDIR}/${F}; 1152 readlink ${BASEDIR}/${F}; 1153 elif [ -f ${BASEDIR}/${F} ]; then 1154 echo -n "${F}|f|" 1155 stat -n -f '%d-%i|%u|%g|%Mp%Lp|%Of|' ${BASEDIR}/${F}; 1156 sha256 -q ${BASEDIR}/${F}; 1157 elif [ -d ${BASEDIR}/${F} ]; then 1158 echo -n "${F}|d|" 1159 stat -f '%d-%i|%u|%g|%Mp%Lp|%Of|' ${BASEDIR}/${F}; 1160 else 1161 echo "Unknown file type: ${BASEDIR}/${F}" \ 1162 >/dev/stderr 1163 touch .err 1164 return 1 1165 fi 1166 done < filelist | 1167 sort -k 3,3 -t '|' > $2.tmp 1168 rm filelist 1169 1170 # Check if an error occured during system inspection 1171 if [ -f .err ]; then 1172 return 1 1173 fi 1174 1175 # Convert to the form 1176 # /path/to/file|type|user|group|perm|flags|value|hlink 1177 # by resolving identical device and inode numbers into hard links. 1178 cut -f 1,3 -d '|' $2.tmp | 1179 sort -k 1,1 -t '|' | 1180 sort -s -u -k 2,2 -t '|' | 1181 join -1 2 -2 3 -t '|' - $2.tmp | 1182 awk -F \| -v OFS=\| \ 1183 '{ 1184 if (($2 == $3) || ($4 == "-")) 1185 print $3,$4,$5,$6,$7,$8,$9,"" 1186 else 1187 print $3,$4,$5,$6,$7,$8,$9,$2 1188 }' | 1189 sort > $2 1190 rm $2.tmp 1191 1192 # We're finished looking around 1193 echo "done." 1194} 1195 1196# For any paths matching ${UPDATEIFUNMODIFIED}, remove lines from $[123] 1197# which correspond to lines in $2 with hashes not matching $1 or $3. For 1198# entries in $2 marked "not present" (aka. type -), remove lines from $[123] 1199# unless there is a corresponding entry in $1. 1200fetch_filter_unmodified_notpresent () { 1201 # Figure out which lines of $1 and $3 correspond to bits which 1202 # should only be updated if they haven't changed, and fish out 1203 # the (path, type, value) tuples. 1204 # NOTE: We don't consider a file to be "modified" if it matches 1205 # the hash from $3. 1206 for X in ${UPDATEIFUNMODIFIED}; do 1207 grep -E "^${X}" $1 1208 grep -E "^${X}" $3 1209 done | 1210 cut -f 1,2,7 -d '|' | 1211 sort > $1-values 1212 1213 # Do the same for $2. 1214 for X in ${UPDATEIFUNMODIFIED}; do 1215 grep -E "^${X}" $2 1216 done | 1217 cut -f 1,2,7 -d '|' | 1218 sort > $2-values 1219 1220 # Any entry in $2-values which is not in $1-values corresponds to 1221 # a path which we need to remove from $1, $2, and $3. 1222 comm -13 $1-values $2-values > mlines 1223 rm $1-values $2-values 1224 1225 # Any lines in $2 which are not in $1 AND are "not present" lines 1226 # also belong in mlines. 1227 comm -13 $1 $2 | 1228 cut -f 1,2,7 -d '|' | 1229 fgrep '|-|' >> mlines 1230 1231 # Remove lines from $1, $2, and $3 1232 for X in $1 $2 $3; do 1233 sort -t '|' -k 1,1 ${X} > ${X}.tmp 1234 cut -f 1 -d '|' < mlines | 1235 sort | 1236 join -v 2 -t '|' - ${X}.tmp | 1237 sort > ${X} 1238 rm ${X}.tmp 1239 done 1240 1241 # Store a list of the modified files, for future reference 1242 fgrep -v '|-|' mlines | 1243 cut -f 1 -d '|' > modifiedfiles 1244 rm mlines 1245} 1246 1247# For each entry in $1 of type -, remove any corresponding 1248# entry from $2 if ${ALLOWADD} != "yes". Remove all entries 1249# of type - from $1. 1250fetch_filter_allowadd () { 1251 cut -f 1,2 -d '|' < $1 | 1252 fgrep '|-' | 1253 cut -f 1 -d '|' > filesnotpresent 1254 1255 if [ ${ALLOWADD} != "yes" ]; then 1256 sort < $2 | 1257 join -v 1 -t '|' - filesnotpresent | 1258 sort > $2.tmp 1259 mv $2.tmp $2 1260 fi 1261 1262 sort < $1 | 1263 join -v 1 -t '|' - filesnotpresent | 1264 sort > $1.tmp 1265 mv $1.tmp $1 1266 rm filesnotpresent 1267} 1268 1269# If ${ALLOWDELETE} != "yes", then remove any entries from $1 1270# which don't correspond to entries in $2. 1271fetch_filter_allowdelete () { 1272 # Produce a lists ${PATH}|${TYPE} 1273 for X in $1 $2; do 1274 cut -f 1-2 -d '|' < ${X} | 1275 sort -u > ${X}.nodes 1276 done 1277 1278 # Figure out which lines need to be removed from $1. 1279 if [ ${ALLOWDELETE} != "yes" ]; then 1280 comm -23 $1.nodes $2.nodes > $1.badnodes 1281 else 1282 : > $1.badnodes 1283 fi 1284 1285 # Remove the relevant lines from $1 1286 while read X; do 1287 look "${X}|" $1 1288 done < $1.badnodes | 1289 comm -13 - $1 > $1.tmp 1290 mv $1.tmp $1 1291 1292 rm $1.badnodes $1.nodes $2.nodes 1293} 1294 1295# If ${KEEPMODIFIEDMETADATA} == "yes", then for each entry in $2 1296# with metadata not matching any entry in $1, replace the corresponding 1297# line of $3 with one having the same metadata as the entry in $2. 1298fetch_filter_modified_metadata () { 1299 # Fish out the metadata from $1 and $2 1300 for X in $1 $2; do 1301 cut -f 1-6 -d '|' < ${X} > ${X}.metadata 1302 done 1303 1304 # Find the metadata we need to keep 1305 if [ ${KEEPMODIFIEDMETADATA} = "yes" ]; then 1306 comm -13 $1.metadata $2.metadata > keepmeta 1307 else 1308 : > keepmeta 1309 fi 1310 1311 # Extract the lines which we need to remove from $3, and 1312 # construct the lines which we need to add to $3. 1313 : > $3.remove 1314 : > $3.add 1315 while read LINE; do 1316 NODE=`echo "${LINE}" | cut -f 1-2 -d '|'` 1317 look "${NODE}|" $3 >> $3.remove 1318 look "${NODE}|" $3 | 1319 cut -f 7- -d '|' | 1320 lam -s "${LINE}|" - >> $3.add 1321 done < keepmeta 1322 1323 # Remove the specified lines and add the new lines. 1324 sort $3.remove | 1325 comm -13 - $3 | 1326 sort -u - $3.add > $3.tmp 1327 mv $3.tmp $3 1328 1329 rm keepmeta $1.metadata $2.metadata $3.add $3.remove 1330} 1331 1332# Remove lines from $1 and $2 which are identical; 1333# no need to update a file if it isn't changing. 1334fetch_filter_uptodate () { 1335 comm -23 $1 $2 > $1.tmp 1336 comm -13 $1 $2 > $2.tmp 1337 1338 mv $1.tmp $1 1339 mv $2.tmp $2 1340} 1341 1342# Prepare to fetch files: Generate a list of the files we need, 1343# copy the unmodified files we have into /files/, and generate 1344# a list of patches to download. 1345fetch_files_prepare () { 1346 # Tell the user why his disk is suddenly making lots of noise 1347 echo -n "Preparing to download files... " 1348 1349 # Reduce indices to ${PATH}|${HASH} pairs 1350 for X in $1 $2 $3; do 1351 cut -f 1,2,7 -d '|' < ${X} | 1352 fgrep '|f|' | 1353 cut -f 1,3 -d '|' | 1354 sort > ${X}.hashes 1355 done 1356 1357 # List of files wanted 1358 cut -f 2 -d '|' < $3.hashes | 1359 sort -u > files.wanted 1360 1361 # Generate a list of unmodified files 1362 comm -12 $1.hashes $2.hashes | 1363 sort -k 1,1 -t '|' > unmodified.files 1364 1365 # Copy all files into /files/. We only need the unmodified files 1366 # for use in patching; but we'll want all of them if the user asks 1367 # to rollback the updates later. 1368 while read LINE; do 1369 F=`echo "${LINE}" | cut -f 1 -d '|'` 1370 HASH=`echo "${LINE}" | cut -f 2 -d '|'` 1371 1372 # Skip files we already have. 1373 if [ -f files/${HASH}.gz ]; then 1374 continue 1375 fi 1376 1377 # Make sure the file hasn't changed. 1378 cp "${BASEDIR}/${F}" tmpfile 1379 if [ `sha256 -q tmpfile` != ${HASH} ]; then 1380 echo 1381 echo "File changed while FreeBSD Update running: ${F}" 1382 return 1 1383 fi 1384 1385 # Place the file into storage. 1386 gzip -c < tmpfile > files/${HASH}.gz 1387 rm tmpfile 1388 done < $2.hashes 1389 1390 # Produce a list of patches to download 1391 sort -k 1,1 -t '|' $3.hashes | 1392 join -t '|' -o 2.2,1.2 - unmodified.files | 1393 fetch_make_patchlist > patchlist 1394 1395 # Garbage collect 1396 rm unmodified.files $1.hashes $2.hashes $3.hashes 1397 1398 # We don't need the list of possible old files any more. 1399 rm $1 1400 1401 # We're finished making noise 1402 echo "done." 1403} 1404 1405# Fetch files. 1406fetch_files () { 1407 # Attempt to fetch patches 1408 if [ -s patchlist ]; then 1409 echo -n "Fetching `wc -l < patchlist | tr -d ' '` " 1410 echo ${NDEBUG} "patches.${DDSTATS}" 1411 tr '|' '-' < patchlist | 1412 lam -s "${FETCHDIR}/bp/" - | 1413 xargs ${XARGST} ${PHTTPGET} ${SERVERNAME} \ 1414 2>${STATSREDIR} | fetch_progress 1415 echo "done." 1416 1417 # Attempt to apply patches 1418 echo -n "Applying patches... " 1419 tr '|' ' ' < patchlist | 1420 while read X Y; do 1421 if [ ! -f "${X}-${Y}" ]; then continue; fi 1422 gunzip -c < files/${X}.gz > OLD 1423 1424 bspatch OLD NEW ${X}-${Y} 1425 1426 if [ `${SHA256} -q NEW` = ${Y} ]; then 1427 mv NEW files/${Y} 1428 gzip -n files/${Y} 1429 fi 1430 rm -f diff OLD NEW ${X}-${Y} 1431 done 2>${QUIETREDIR} 1432 echo "done." 1433 fi 1434 1435 # Download files which couldn't be generate via patching 1436 while read Y; do 1437 if [ ! -f "files/${Y}.gz" ]; then 1438 echo ${Y}; 1439 fi 1440 done < files.wanted > filelist 1441 1442 if [ -s filelist ]; then 1443 echo -n "Fetching `wc -l < filelist | tr -d ' '` " 1444 echo ${NDEBUG} "files... " 1445 lam -s "${FETCHDIR}/f/" - -s ".gz" < filelist | 1446 xargs ${XARGST} ${PHTTPGET} ${SERVERNAME} \ 1447 2>${QUIETREDIR} 1448 1449 while read Y; do 1450 if ! [ -f ${Y}.gz ]; then 1451 echo "failed." 1452 return 1 1453 fi 1454 if [ `gunzip -c < ${Y}.gz | 1455 ${SHA256} -q` = ${Y} ]; then 1456 mv ${Y}.gz files/${Y}.gz 1457 else 1458 echo "${Y} has incorrect hash." 1459 return 1 1460 fi 1461 done < filelist 1462 echo "done." 1463 fi 1464 1465 # Clean up 1466 rm files.wanted filelist patchlist 1467} 1468 1469# Create and populate install manifest directory; and report what updates 1470# are available. 1471fetch_create_manifest () { 1472 # If we have an existing install manifest, nuke it. 1473 if [ -L "${BDHASH}-install" ]; then 1474 rm -r ${BDHASH}-install/ 1475 rm ${BDHASH}-install 1476 fi 1477 1478 # Report to the user if any updates were avoided due to local changes 1479 if [ -s modifiedfiles ]; then 1480 echo 1481 echo -n "The following files are affected by updates, " 1482 echo "but no changes have" 1483 echo -n "been downloaded because the files have been " 1484 echo "modified locally:" 1485 cat modifiedfiles 1486 fi 1487 rm modifiedfiles 1488 1489 # If no files will be updated, tell the user and exit 1490 if ! [ -s INDEX-PRESENT ] && 1491 ! [ -s INDEX-NEW ]; then 1492 rm INDEX-PRESENT INDEX-NEW 1493 echo 1494 echo -n "No updates needed to update system to " 1495 echo "${RELNUM}-p${RELPATCHNUM}." 1496 return 1497 fi 1498 1499 # Divide files into (a) removed files, (b) added files, and 1500 # (c) updated files. 1501 cut -f 1 -d '|' < INDEX-PRESENT | 1502 sort > INDEX-PRESENT.flist 1503 cut -f 1 -d '|' < INDEX-NEW | 1504 sort > INDEX-NEW.flist 1505 comm -23 INDEX-PRESENT.flist INDEX-NEW.flist > files.removed 1506 comm -13 INDEX-PRESENT.flist INDEX-NEW.flist > files.added 1507 comm -12 INDEX-PRESENT.flist INDEX-NEW.flist > files.updated 1508 rm INDEX-PRESENT.flist INDEX-NEW.flist 1509 1510 # Report removed files, if any 1511 if [ -s files.removed ]; then 1512 echo 1513 echo -n "The following files will be removed " 1514 echo "as part of updating to ${RELNUM}-p${RELPATCHNUM}:" 1515 cat files.removed 1516 fi 1517 rm files.removed 1518 1519 # Report added files, if any 1520 if [ -s files.added ]; then 1521 echo 1522 echo -n "The following files will be added " 1523 echo "as part of updating to ${RELNUM}-p${RELPATCHNUM}:" 1524 cat files.added 1525 fi 1526 rm files.added 1527 1528 # Report updated files, if any 1529 if [ -s files.updated ]; then 1530 echo 1531 echo -n "The following files will be updated " 1532 echo "as part of updating to ${RELNUM}-p${RELPATCHNUM}:" 1533 1534 cat files.updated 1535 fi 1536 rm files.updated 1537 1538 # Create a directory for the install manifest. 1539 MDIR=`mktemp -d install.XXXXXX` || return 1 1540 1541 # Populate it 1542 mv INDEX-PRESENT ${MDIR}/INDEX-OLD 1543 mv INDEX-NEW ${MDIR}/INDEX-NEW 1544 1545 # Link it into place 1546 ln -s ${MDIR} ${BDHASH}-install 1547} 1548 1549# Warn about any upcoming EoL 1550fetch_warn_eol () { 1551 # What's the current time? 1552 NOWTIME=`date "+%s"` 1553 1554 # When did we last warn about the EoL date? 1555 if [ -f lasteolwarn ]; then 1556 LASTWARN=`cat lasteolwarn` 1557 else 1558 LASTWARN=`expr ${NOWTIME} - 63072000` 1559 fi 1560 1561 # If the EoL time is past, warn. 1562 if [ ${EOLTIME} -lt ${NOWTIME} ]; then 1563 echo 1564 cat <<-EOF 1565 WARNING: `uname -sr` HAS PASSED ITS END-OF-LIFE DATE. 1566 Any security issues discovered after `date -r ${EOLTIME}` 1567 will not have been corrected. 1568 EOF 1569 return 1 1570 fi 1571 1572 # Figure out how long it has been since we last warned about the 1573 # upcoming EoL, and how much longer we have left. 1574 SINCEWARN=`expr ${NOWTIME} - ${LASTWARN}` 1575 TIMELEFT=`expr ${EOLTIME} - ${NOWTIME}` 1576 1577 # Don't warn if the EoL is more than 6 months away 1578 if [ ${TIMELEFT} -gt 15768000 ]; then 1579 return 0 1580 fi 1581 1582 # Don't warn if the time remaining is more than 3 times the time 1583 # since the last warning. 1584 if [ ${TIMELEFT} -gt `expr ${SINCEWARN} \* 3` ]; then 1585 return 0 1586 fi 1587 1588 # Figure out what time units to use. 1589 if [ ${TIMELEFT} -lt 604800 ]; then 1590 UNIT="day" 1591 SIZE=86400 1592 elif [ ${TIMELEFT} -lt 2678400 ]; then 1593 UNIT="week" 1594 SIZE=604800 1595 else 1596 UNIT="month" 1597 SIZE=2678400 1598 fi 1599 1600 # Compute the right number of units 1601 NUM=`expr ${TIMELEFT} / ${SIZE}` 1602 if [ ${NUM} != 1 ]; then 1603 UNIT="${UNIT}s" 1604 fi 1605 1606 # Print the warning 1607 echo 1608 cat <<-EOF 1609 WARNING: `uname -sr` is approaching its End-of-Life date. 1610 It is strongly recommended that you upgrade to a newer 1611 release within the next ${NUM} ${UNIT}. 1612 EOF 1613 1614 # Update the stored time of last warning 1615 echo ${NOWTIME} > lasteolwarn 1616} 1617 1618# Do the actual work involved in "fetch" / "cron". 1619fetch_run () { 1620 workdir_init || return 1 1621 1622 # Prepare the mirror list. 1623 fetch_pick_server_init && fetch_pick_server 1624 1625 # Try to fetch the public key until we run out of servers. 1626 while ! fetch_key; do 1627 fetch_pick_server || return 1 1628 done 1629 1630 # Try to fetch the metadata index signature ("tag") until we run 1631 # out of available servers; and sanity check the downloaded tag. 1632 while ! fetch_tag; do 1633 fetch_pick_server || return 1 1634 done 1635 fetch_tagsanity || return 1 1636 1637 # Fetch the latest INDEX-NEW and INDEX-OLD files. 1638 fetch_metadata INDEX-NEW INDEX-OLD || return 1 1639 1640 # Generate filtered INDEX-NEW and INDEX-OLD files containing only 1641 # the lines which (a) belong to components we care about, and (b) 1642 # don't correspond to paths we're explicitly ignoring. 1643 fetch_filter_metadata INDEX-NEW || return 1 1644 fetch_filter_metadata INDEX-OLD || return 1 1645 1646 # Translate /boot/`uname -i` into ${KERNELDIR} 1647 fetch_filter_kernel_names INDEX-NEW 1648 fetch_filter_kernel_names INDEX-OLD 1649 1650 # For all paths appearing in INDEX-OLD or INDEX-NEW, inspect the 1651 # system and generate an INDEX-PRESENT file. 1652 fetch_inspect_system INDEX-OLD INDEX-PRESENT INDEX-NEW || return 1 1653 1654 # Based on ${UPDATEIFUNMODIFIED}, remove lines from INDEX-* which 1655 # correspond to lines in INDEX-PRESENT with hashes not appearing 1656 # in INDEX-OLD or INDEX-NEW. Also remove lines where the entry in 1657 # INDEX-PRESENT has type - and there isn't a corresponding entry in 1658 # INDEX-OLD with type -. 1659 fetch_filter_unmodified_notpresent INDEX-OLD INDEX-PRESENT INDEX-NEW 1660 1661 # For each entry in INDEX-PRESENT of type -, remove any corresponding 1662 # entry from INDEX-NEW if ${ALLOWADD} != "yes". Remove all entries 1663 # of type - from INDEX-PRESENT. 1664 fetch_filter_allowadd INDEX-PRESENT INDEX-NEW 1665 1666 # If ${ALLOWDELETE} != "yes", then remove any entries from 1667 # INDEX-PRESENT which don't correspond to entries in INDEX-NEW. 1668 fetch_filter_allowdelete INDEX-PRESENT INDEX-NEW 1669 1670 # If ${KEEPMODIFIEDMETADATA} == "yes", then for each entry in 1671 # INDEX-PRESENT with metadata not matching any entry in INDEX-OLD, 1672 # replace the corresponding line of INDEX-NEW with one having the 1673 # same metadata as the entry in INDEX-PRESENT. 1674 fetch_filter_modified_metadata INDEX-OLD INDEX-PRESENT INDEX-NEW 1675 1676 # Remove lines from INDEX-PRESENT and INDEX-NEW which are identical; 1677 # no need to update a file if it isn't changing. 1678 fetch_filter_uptodate INDEX-PRESENT INDEX-NEW 1679 1680 # Prepare to fetch files: Generate a list of the files we need, 1681 # copy the unmodified files we have into /files/, and generate 1682 # a list of patches to download. 1683 fetch_files_prepare INDEX-OLD INDEX-PRESENT INDEX-NEW || return 1 1684 1685 # Fetch files. 1686 fetch_files || return 1 1687 1688 # Create and populate install manifest directory; and report what 1689 # updates are available. 1690 fetch_create_manifest || return 1 1691 1692 # Warn about any upcoming EoL 1693 fetch_warn_eol || return 1 1694} 1695 1696# Make sure that all the file hashes mentioned in $@ have corresponding 1697# gzipped files stored in /files/. 1698install_verify () { 1699 # Generate a list of hashes 1700 cat $@ | 1701 cut -f 2,7 -d '|' | 1702 grep -E '^f' | 1703 cut -f 2 -d '|' | 1704 sort -u > filelist 1705 1706 # Make sure all the hashes exist 1707 while read HASH; do 1708 if ! [ -f files/${HASH}.gz ]; then 1709 echo -n "Update files missing -- " 1710 echo "this should never happen." 1711 echo "Re-run '$0 fetch'." 1712 return 1 1713 fi 1714 done < filelist 1715 1716 # Clean up 1717 rm filelist 1718} 1719 1720# Remove the system immutable flag from files 1721install_unschg () { 1722 # Generate file list 1723 cat $@ | 1724 cut -f 1 -d '|' > filelist 1725 1726 # Remove flags 1727 while read F; do 1728 if ! [ -e ${BASEDIR}/${F} ]; then 1729 continue 1730 fi 1731 1732 chflags noschg ${BASEDIR}/${F} || return 1 1733 done < filelist 1734 1735 # Clean up 1736 rm filelist 1737} 1738 1739# Install new files 1740install_from_index () { 1741 # First pass: Do everything apart from setting file flags. We 1742 # can't set flags yet, because schg inhibits hard linking. 1743 sort -k 1,1 -t '|' $1 | 1744 tr '|' ' ' | 1745 while read FPATH TYPE OWNER GROUP PERM FLAGS HASH LINK; do 1746 case ${TYPE} in 1747 d) 1748 # Create a directory 1749 install -d -o ${OWNER} -g ${GROUP} \ 1750 -m ${PERM} ${BASEDIR}/${FPATH} 1751 ;; 1752 f) 1753 if [ -z "${LINK}" ]; then 1754 # Create a file, without setting flags. 1755 gunzip < files/${HASH}.gz > ${HASH} 1756 install -S -o ${OWNER} -g ${GROUP} \ 1757 -m ${PERM} ${HASH} ${BASEDIR}/${FPATH} 1758 rm ${HASH} 1759 else 1760 # Create a hard link. 1761 ln -f ${BASEDIR}/${LINK} ${BASEDIR}/${FPATH} 1762 fi 1763 ;; 1764 L) 1765 # Create a symlink 1766 ln -sfh ${HASH} ${BASEDIR}/${FPATH} 1767 ;; 1768 esac 1769 done 1770 1771 # Perform a second pass, adding file flags. 1772 tr '|' ' ' < $1 | 1773 while read FPATH TYPE OWNER GROUP PERM FLAGS HASH LINK; do 1774 if [ ${TYPE} = "f" ] && 1775 ! [ ${FLAGS} = "0" ]; then 1776 chflags ${FLAGS} ${BASEDIR}/${FPATH} 1777 fi 1778 done 1779} 1780 1781# Remove files which we want to delete 1782install_delete () { 1783 # Generate list of new files 1784 cut -f 1 -d '|' < $2 | 1785 sort > newfiles 1786 1787 # Generate subindex of old files we want to nuke 1788 sort -k 1,1 -t '|' $1 | 1789 join -t '|' -v 1 - newfiles | 1790 sort -r -k 1,1 -t '|' | 1791 cut -f 1,2 -d '|' | 1792 tr '|' ' ' > killfiles 1793 1794 # Remove the offending bits 1795 while read FPATH TYPE; do 1796 case ${TYPE} in 1797 d) 1798 rmdir ${BASEDIR}/${FPATH} 1799 ;; 1800 f) 1801 rm ${BASEDIR}/${FPATH} 1802 ;; 1803 L) 1804 rm ${BASEDIR}/${FPATH} 1805 ;; 1806 esac 1807 done < killfiles 1808 1809 # Clean up 1810 rm newfiles killfiles 1811} 1812 1813# Update linker.hints if anything in /boot/ was touched 1814install_kldxref () { 1815 if cat $@ | 1816 grep -qE '^/boot/'; then 1817 kldxref -R /boot/ 1818 fi 1819} 1820 1821# Rearrange bits to allow the installed updates to be rolled back 1822install_setup_rollback () { 1823 if [ -L ${BDHASH}-rollback ]; then 1824 mv ${BDHASH}-rollback ${BDHASH}-install/rollback 1825 fi 1826 1827 mv ${BDHASH}-install ${BDHASH}-rollback 1828} 1829 1830# Actually install updates 1831install_run () { 1832 echo -n "Installing updates..." 1833 1834 # Make sure we have all the files we should have 1835 install_verify ${BDHASH}-install/INDEX-OLD \ 1836 ${BDHASH}-install/INDEX-NEW || return 1 1837 1838 # Remove system immutable flag from files 1839 install_unschg ${BDHASH}-install/INDEX-OLD \ 1840 ${BDHASH}-install/INDEX-NEW || return 1 1841 1842 # Install new files 1843 install_from_index \ 1844 ${BDHASH}-install/INDEX-NEW || return 1 1845 1846 # Remove files which we want to delete 1847 install_delete ${BDHASH}-install/INDEX-OLD \ 1848 ${BDHASH}-install/INDEX-NEW || return 1 1849 1850 # Update linker.hints if anything in /boot/ was touched 1851 install_kldxref ${BDHASH}-install/INDEX-OLD \ 1852 ${BDHASH}-install/INDEX-NEW 1853 1854 # Rearrange bits to allow the installed updates to be rolled back 1855 install_setup_rollback 1856 1857 echo " done." 1858} 1859 1860# Rearrange bits to allow the previous set of updates to be rolled back next. 1861rollback_setup_rollback () { 1862 if [ -L ${BDHASH}-rollback/rollback ]; then 1863 mv ${BDHASH}-rollback/rollback rollback-tmp 1864 rm -r ${BDHASH}-rollback/ 1865 rm ${BDHASH}-rollback 1866 mv rollback-tmp ${BDHASH}-rollback 1867 else 1868 rm -r ${BDHASH}-rollback/ 1869 rm ${BDHASH}-rollback 1870 fi 1871} 1872 1873# Actually rollback updates 1874rollback_run () { 1875 echo -n "Uninstalling updates..." 1876 1877 # If there are updates waiting to be installed, remove them; we 1878 # want the user to re-run 'fetch' after rolling back updates. 1879 if [ -L ${BDHASH}-install ]; then 1880 rm -r ${BDHASH}-install/ 1881 rm ${BDHASH}-install 1882 fi 1883 1884 # Make sure we have all the files we should have 1885 install_verify ${BDHASH}-rollback/INDEX-NEW \ 1886 ${BDHASH}-rollback/INDEX-OLD || return 1 1887 1888 # Remove system immutable flag from files 1889 install_unschg ${BDHASH}-rollback/INDEX-NEW \ 1890 ${BDHASH}-rollback/INDEX-OLD || return 1 1891 1892 # Install new files 1893 install_from_index \ 1894 ${BDHASH}-rollback/INDEX-OLD || return 1 1895 1896 # Remove files which we want to delete 1897 install_delete ${BDHASH}-rollback/INDEX-NEW \ 1898 ${BDHASH}-rollback/INDEX-OLD || return 1 1899 1900 # Update linker.hints if anything in /boot/ was touched 1901 install_kldxref ${BDHASH}-rollback/INDEX-NEW \ 1902 ${BDHASH}-rollback/INDEX-OLD 1903 1904 # Remove the rollback directory and the symlink pointing to it; and 1905 # rearrange bits to allow the previous set of updates to be rolled 1906 # back next. 1907 rollback_setup_rollback 1908 1909 echo " done." 1910} 1911 1912#### Main functions -- call parameter-handling and core functions 1913 1914# Using the command line, configuration file, and defaults, 1915# set all the parameters which are needed later. 1916get_params () { 1917 init_params 1918 parse_cmdline $@ 1919 parse_conffile 1920 default_params 1921} 1922 1923# Fetch command. Make sure that we're being called 1924# interactively, then run fetch_check_params and fetch_run 1925cmd_fetch () { 1926 if [ ! -t 0 ]; then 1927 echo -n "`basename $0` fetch should not " 1928 echo "be run non-interactively." 1929 echo "Run `basename $0` cron instead." 1930 exit 1 1931 fi 1932 fetch_check_params 1933 fetch_run || exit 1 1934} 1935 1936# Cron command. Make sure the parameters are sensible; wait 1937# rand(3600) seconds; then fetch updates. While fetching updates, 1938# send output to a temporary file; only print that file if the 1939# fetching failed. 1940cmd_cron () { 1941 fetch_check_params 1942 sleep `jot -r 1 0 3600` 1943 1944 TMPFILE=`mktemp /tmp/freebsd-update.XXXXXX` || exit 1 1945 if ! fetch_run >> ${TMPFILE} || 1946 ! grep -q "No updates needed" ${TMPFILE} || 1947 [ ${VERBOSELEVEL} = "debug" ]; then 1948 mail -s "`hostname` security updates" ${MAILTO} < ${TMPFILE} 1949 fi 1950 1951 rm ${TMPFILE} 1952} 1953 1954# Install downloaded updates. 1955cmd_install () { 1956 install_check_params 1957 install_run || exit 1 1958} 1959 1960# Rollback most recently installed updates. 1961cmd_rollback () { 1962 rollback_check_params 1963 rollback_run || exit 1 1964} 1965 1966#### Entry point 1967 1968# Make sure we find utilities from the base system 1969export PATH=/sbin:/bin:/usr/sbin:/usr/bin:${PATH} 1970 1971# Set LC_ALL in order to avoid problems with character ranges like [A-Z]. 1972export LC_ALL=C 1973 1974get_params $@ 1975for COMMAND in ${COMMANDS}; do 1976 cmd_${COMMAND} 1977done 1978